1. Field of the Invention
The present invention relates to a data encryption device that encrypts secret data to be stored in a storage device and decrypts the secret data stored in the storage device, and particularly relates to a data encryption method.
2. Description of the Related Art
Methods for encrypting secret information to be stored in a storage device include public key encryption and common key encryption. In common key encryption, the same key is used for both encryption and decryption. In public key encryption, on the other hand, a set of two keys is used to perform encryption and decryption; that is, different keys are used for encryption and decryption. One of the two keys is used as a public key, and the other is used as a secret key. In public key encryption, when secret information is transmitted to the other party, the data is encrypted using the public key of the other party, and the encrypted data is transmitted to the other party. The other party can then decrypt the transmitted data using its own secret key and obtain the decrypted secret information.
In general, public key encryption is used for authentication, electronic signature, or distribution of a common key. On the other hand, common key encryption is used for data concealment because common key encryption is faster than public key encryption.
Common key encryption includes block ciphers and stream ciphers. Of these, a block cipher has the characteristic that the plain text is not easily conjectured from the cipher text, because the data of an output block changes greatly when only one bit of an input block changes. However, because processing is performed one block at a time, the encryption process cannot proceed until a certain amount of data is prepared.
On the other hand, in the case of a stream cipher, encryption and decryption are performed by an exclusive OR (XOR) of pseudorandom numbers and a plain text. Because the pseudorandom numbers can be generated in advance and because the conversion process is simple, a large amount of data can be processed at high speed. However, the initial values (IV) of the pseudorandom numbers need to be matched at encryption and decryption times. Further, when a transmission error or the like occurs, encryption and decryption need to be performed again, starting from the beginning of the data.
Further, a method using an OFB (Output Feedback) mode, a CFB (Cipher Feedback) mode, and a CTR (Counter) mode of a block cipher, which combines the characteristic of a block cipher that the plain text is not easily conjectured with the high speed of a stream cipher, was invented by Morris Dworkin, “Recommendation for Block Cipher Modes of Operation”, NIST Special Publication 800-38A, 2001.
In general usage, a block cipher is used for encrypting a file, and a stream cipher is used for encrypting a large amount of data, such as in the encryption of communications.
When data is encrypted by building an encryption device into a storage device (a memory device) that writes and reads data by page access, encryption is performed using a block cipher for each page. However, in the case of a block cipher, the encryption process starts only after data of a size corresponding to the block length has been gathered, so access to the data becomes intermittent.
On the other hand, in the case of using a stream cipher, high-speed access becomes possible because there is no overhead other than generation of an initial value (IV). However, access always needs to start from the beginning of the data, and cannot be performed from an arbitrary page.
To solve the problem that access cannot be performed from an arbitrary position in a stream cipher, Japanese Patent Application Laid-open Publication No. 11-225140 discloses a method that makes access from an arbitrary position possible by embedding inserted-information identification information and an initial value (IV) into a data row. However, when an initial value (IV) is set for each page of the storage device, the initial value (IV) must be set again each time a continuous access strides across pages, and overhead occurs. Further, this inserted information is redundant, which means holding unnecessary data.
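The arbitrary-page access restriction described above, as an added example that is not part of the original text: a feedback keystream (as in OFB mode) must be generated from the beginning of the data to reach page n, while a counter-based keystream (as in CTR mode) is computed directly from the page number. SHA-256 stands in for the block cipher, and the page size, key, IV and function names are assumptions made for the illustration.

```python
import hashlib

BLOCK = 32   # keystream block size in bytes (SHA-256 output; assumption)
PAGE = 128   # storage page size in bytes (constructed for the example)

def prf(key: bytes, data: bytes) -> bytes:
    # Stand-in for block cipher encryption E_k(data); not a real cipher.
    return hashlib.sha256(key + data).digest()

def ofb_page_keystream(key: bytes, iv: bytes, page: int):
    """Feedback keystream: block i depends on block i-1, so reaching `page`
    means generating every block before it. Returns (keystream, prf_calls)."""
    state, calls, out = iv, 0, b""
    first = page * PAGE // BLOCK
    for i in range(first + PAGE // BLOCK):
        state = prf(key, state)
        calls += 1
        if i >= first:          # only the last PAGE bytes belong to this page
            out += state
    return out, calls

def ctr_page_keystream(key: bytes, iv: bytes, page: int):
    """Counter keystream: block i = prf(key, iv || i), so the blocks of
    `page` are derived from the page number alone."""
    first = page * PAGE // BLOCK
    out = b"".join(prf(key, iv + i.to_bytes(8, "big"))
                   for i in range(first, first + PAGE // BLOCK))
    return out, PAGE // BLOCK

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def demo(page: int = 10) -> dict:
    """Encrypt and decrypt one page with each keystream and return the number
    of prf calls needed to reach that page."""
    key, iv = b"k" * 16, b"\x00" * 16        # constructed sample values
    plain = bytes([page]) * PAGE             # constructed page contents
    results = {}
    for name, gen in (("ofb", ofb_page_keystream), ("ctr", ctr_page_keystream)):
        keystream, calls = gen(key, iv, page)
        cipher = xor(plain, keystream)
        assert xor(cipher, gen(key, iv, page)[0]) == plain   # round trip
        results[name] = calls
    return results

if __name__ == "__main__":
    print(demo())
```

In either construction, rewriting a page under the same key and IV reuses the same keystream, so the XOR of the old and new page contents is exposed to anyone who holds both ciphertexts.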